newt writes "The Australian Government is planning to conduct live trials of as-yet-unspecified censorship technology. But as every geek already knows, these systems can't possibly work in the presence of VPNs and proxy servers. PC Authority clues the punters in." Maybe the ISPs secretly like encouraging SSH tunneling — and making everyone pay for the extra bandwidth used. Not really; Australia's major ISPs, as mentioned a few days ago, think it's a bad idea.
...Until the Aussie government considers SSH, VPN's, and anonymizing proxies to be "hacking"(illegally circumventing a la DMCA) and takes steps to outlaw them.
I'm an Australian myself, and it saddens me to say that you might have a point there [convictcreations.com]. Australia's legendary convict streak [davewarner.com.au] has always been counterbalanced by a lurking streak of repressive authoritarianism [wikipedia.org] of a kind which, if permitted to fully express itself, would make the UK's big brother state look tame.
When deciding whether to allow them to have access to my first kid I bought their course materials. I have no problem at all with kids learning bible stories (I'm a amateur wannabe bible scholar myself), or being taught to be kind to one and other (in fact if the catholics we here I might let him go). But that is not what is being taught. The course has been cleverly designed to inculcate the kids with fear and an unshakeble belief in God as the evangelists see him (complete with creationism).
Hmm, I know the problem. I fixed that in my kids' school---I teach the Scripture lessons. Few of the kids in the classes I teach (11-12 year olds) had heard of evolution until I taught it to them last week.
It wasn't strictly in the curriculum, but it's nothing that's not (officially) in the school curriculum anyway, so I think I'll keep my job. If I stop posting on/. in the next week or two, though, send out a search party...
.Until the Aussie government considers SSH, VPN's, and anonymizing proxies to be "hacking"(illegally circumventing a la DMCA) and takes steps to outlaw them.
While one can never account for the cluelessness and stupidity of so called "conservative" government, tools like SSH and general encryption are foundations of a lot of necessary infrastructure.
How many businesses rely on VPNs to connect their remote offices? How many sysadmins use SSH to remotely connect to their unix systems? If the government moved to outlaw VPNs and SSH, there is no point having an internet any more. If the government did this there would be a major backlash from the business community. It would be political suicide, if the current plan isn't already.
My internet connection is paid for by my current employer so I can (a) telecommute (VPN) (b) remote administer systems in case of problems (VPN, SSH). Its a home internet plan, so they could not simply limit this block to home internet users.
I repeat my point... if the Aussie government starts blocking every protocol that can be used to bypass their stupid filter, there is no point having an internet. Australia will be back to the stone age.
It only compresses if you ask it to, and frankly, the results are usually less than impressive. From the manpage:
-C Requests compression of all data (including stdin, stdout,
stderr, and data for forwarded X11 and TCP connections). The
compression algorithm is the same used by gzip(1), and the
``level'' can be controlled by the CompressionLevel option for
protocol version 1. Compression is desirable on modem lines and
other slow
On any kind of WAN link, it's a savings. It only costs you something on a 100mbit LAN link. The basic problem is that if you hit the CPU limit before you hit the bandwidth limit, compression (or encryption) will suck. But if you can hit the bandwidth limit first, then you will get a reasonable savings.
I've so far found that on a reasonably modern CPU, you need to be pushing in excess of a 10mbit ethernet, but less than a 100mbit ethernet, for it to hit the CPU limit first.
I currently work for an unamed large geotechnical company with HQ in Holland. Their bonehead corporate ICT network routes all traffic through a global gateway in either Holland or the US. I work in Perth, Australia. To access a server on the floor below, the packets are going 1/2 way around the world and back. And its fscking slow.
I currently work for an unamed large geotechnical company with HQ in Holland. Their bonehead corporate ICT network routes all traffic through a global gateway in either Holland or the US. I work in Perth, Australia. To access a server on the floor below, the packets are going 1/2 way around the world and back. And its fscking slow.
Thank god for our hosting networks;)
I was going to say. It's nothing that a diamond head cement drill wouldn't solve. I'm just sorry you went for the easy invisible solution in
You're probably correct, but only because of local mirroring. Anecdotally, most Australians don't even consider 'Australia' when using the internet, instead they consider it a global resource.
Most internet traffic in Australia is to the US. AFAIK the amount of local traffic is 30% at best. This would be including Akamai and other CDN's.
(BTW One ISP recently cited BitTorrent as being 60% of traffic carried)
Our bandwidth caps are dictated by the price of transit to the US, which will fall once competition heats up next year.
To be fair, the Usenet was killed by the old truth that if you give the people a cheap broadcast mechanism, the first thing they'll do is try to put advertisements on it.
It has been said that prostitution is the oldest profession, but before they could be prostitutes they had to advertise their services.
A wise man once said: "The Internet interprets censorship as damage and routes around it."
Routing around Australia as a whole is probably not the intended nor desired outcome. The rest of the Internet will be fine. Just nothing in or out of Oz.
I can see a positive possibility here. Find a work-around, and when you're caught visiting "illegal sites", claim that you thought your actions were legal since there's a "foolproof" filtering system that should've properly protected you.
As an Australian who fervently opposes Chairman Rudd's censorship bill...
There is one advantage I can see to all of this. Big Brother will block anything illegal and offensive to me, right? So I can download absolutely anything I DO find since it MUST be legal. After all, the censorship is perfect!
As an Australian who fervently opposes Chairman Rudd's censorship bill...
I'm Australian too and I'm getting increasingly annoyed with Rudd. I find the man to be less than genuine, and it doesn't stop with his pandering to China or fearlessly taking on a dictatorial line. He seems to remind me of that every time he's in the news. Like yesterday saying that Obama had fulfilled Martin Luther King's dream. Tell that to almost all the southern states - they all voted for McCain. I can't even think how I'd be fee
Given that this whole thing looks to be a pander to Steve Fielding and Family First, I think the better solution will be to start blocking things they care about. That and downloading porn and asking them to grade it for me.
I've had just about enough of FF. Rigging Australian Idol didn't bother me, but now they're trying to shut down the web.
Any decent blocking software also blocks all the popular proxy lists and proxies too (and it constantly updated). Software that does this (like Websense [wikipedia.org]) may not be impossible to get around, but it makes it damn hard (and I know, this is what my school uses and even with my knowledge it's still hard to find a proxy).
My college uses websense, but Tor goes right through it, and with ready-packaged stuff like xB Browser [xerobank.com] and OperaTor [archetwist.com], it's readily available for practically anyone as long as you can grab the program once (long live the sneakernet).
Any decent blocking software also blocks all the popular proxy lists and proxies too (and it constantly updated). Software that does this (like Websense [wikipedia.org]) may not be impossible to get around, but it makes it damn hard (and I know, this is what my school uses and even with my knowledge it's still hard to find a proxy).
Bypassing Websense:
1. Have a PC running on a high-speed Internet connection on the other side of the Websense proxy. 2. On that PC, you need to run OpenSSH and an HTTP proxy server, say at mypc.example.com. In this example, I my proxy server will be using port 8080. Run SSH on Port 443 (works every time) on this box. 3. Using PuTTY or Plink or one of the front-ends for plink, forward 8080 through an SSH connection to this PC from the inside of the Websense firewall. Putty and Plink can tunnel right through the proxy connecting to port 443 just like an HTTPS connection would do. 4. Set your browser to use the proxy on localhost at port 8080 5. Done. All Web accesses will go through the SSH proxy and all of this data will be encrypted as a result.
I will leave the details as an exercise to the reader.
I use my dreamhost [dreamhost.com] shell at work to get around work's s filter. Especially since in the last week they really tightened down the firewall.
I suppose if you had the extra cash $10 a month for no filtering might be worth it. There are plenty of other ssh enabled hosts out there.
It's becoming painfully obvious you're a highschooler trying to get around some stupid proxy. You don't "go find" hosts outside the firewall. You know what they are. They're your home computer, your home router (if you run ddwrt/tomato), your shell account provider (dreamhost for me). This isn't a proxy list, this isn't a list of proxies. It's a computer with OpenSSH running on it.
Everyone HAS told you how to do it, you're just so anxious about showing your l33t skills of haxoring to the Homecoming queen you aren't listening.
If Australia does what a lot of "secure web gateway" vendors are doing with their products - implement a man-in-the-middle attack against encrypted traffic by using a forged cert. So then Australians' choice becomes the same as employees of companies that deploy those systems - agree to being snooped on, or don't use the internet. If Australia's government requires that PCs sold there include the root cert used to forge the other certs (again, like SWG vendors), most citizens wouldn't even notice the differe
What do you mean a forged cert? Won't firefox and the like complain loudly? If worse came to worse, the companies could send you a CD with the key on them.
He mentioned adding it to the root certs to get around that. Just persuade Microsoft to add it as a "critical automatic update" and the majority of people won't notice a thing.
Microsoft is not high on my list of companies that I regard in good stead. But the Australian Government "persuad[ing] Microsoft to add it [forged certs] as a "critical automatic update" targetted at AU users only seems a bit far-fetched--even to me.
It's LZO compressed by default - not to mention encrypted and X509 authenticated - which probably means a net reduction in bandwidth. Go visit their site. [openvpn.org] It's truly excellent open source software.
But seriously. As a practical matter, anyone stuck behind state censorship can use a friend's OpenVPN and proxy in another country.
Hopefully, they will. Google is mainstream enough that killing it will be one of the quickest ways to piss off the public and get this whole plan scrapped.
There's an old rule that 'the best way to fight a stupid law is to enforce it to the letter.' This explains why Australia has a tonne of boneheaded laws that are never enforced.
Uh. (Score:2, Interesting)
Ssh typically does compression and then encryption, so we might very well end up with a net savings in bandwidth.
Re:Uh. (Score:5, Insightful)
Parent
Re:Uh. (Score:4, Insightful)
I'm an Australian myself, and it saddens me to say that you might have a point there [convictcreations.com]. Australia's legendary convict streak [davewarner.com.au] has always been counterbalanced by a lurking streak of repressive authoritarianism [wikipedia.org] of a kind which, if permitted to fully express itself, would make the UK's big brother state look tame.
Parent
Re: (Score:3, Insightful)
Discussing open network initiatives with members of '%' government? Inconceivable!
Re: (Score:3, Interesting)
When deciding whether to allow them to have access to my first kid I bought their course materials. I have no problem at all with kids learning bible stories (I'm a amateur wannabe bible scholar myself), or being taught to be kind to one and other (in fact if the catholics we here I might let him go). But that is not what is being taught. The course has been cleverly designed to inculcate the kids with fear and an unshakeble belief in God as the evangelists see him (complete with creationism).
Hmm, I know the problem. I fixed that in my kids' school---I teach the Scripture lessons. Few of the kids in the classes I teach (11-12 year olds) had heard of evolution until I taught it to them last week.
It wasn't strictly in the curriculum, but it's nothing that's not (officially) in the school curriculum anyway, so I think I'll keep my job. If I stop posting on /. in the next week or two, though, send out a search party...
Re: (Score:3, Insightful)
.Until the Aussie government considers SSH, VPN's, and anonymizing proxies to be "hacking"(illegally circumventing a la DMCA) and takes steps to outlaw them.
While one can never account for the cluelessness and stupidity of so called "conservative" government, tools like SSH and general encryption are foundations of a lot of necessary infrastructure.
Re:Uh. (Score:5, Insightful)
How many businesses rely on VPNs to connect their remote offices? How many sysadmins use SSH to remotely connect to their unix systems? If the government moved to outlaw VPNs and SSH, there is no point having an internet any more. If the government did this there would be a major backlash from the business community. It would be political suicide, if the current plan isn't already.
My internet connection is paid for by my current employer so I can (a) telecommute (VPN) (b) remote administer systems in case of problems (VPN, SSH). Its a home internet plan, so they could not simply limit this block to home internet users.
I repeat my point... if the Aussie government starts blocking every protocol that can be used to bypass their stupid filter, there is no point having an internet. Australia will be back to the stone age.
Parent
Re: (Score:3, Insightful)
On the other hand SSH tunnels aren't amenable to caching. And no matter what, you're adding another hop.
Re: (Score:2)
Re: (Score:3, Informative)
On any kind of WAN link, it's a savings. It only costs you something on a 100mbit LAN link. The basic problem is that if you hit the CPU limit before you hit the bandwidth limit, compression (or encryption) will suck. But if you can hit the bandwidth limit first, then you will get a reasonable savings.
I've so far found that on a reasonably modern CPU, you need to be pushing in excess of a 10mbit ethernet, but less than a 100mbit ethernet, for it to hit the CPU limit first.
Reasonably modern CPU being defined
Re: (Score:2, Interesting)
I currently work for an unamed large geotechnical company with HQ in Holland. Their bonehead corporate ICT network routes all traffic through a global gateway in either Holland or the US. I work in Perth, Australia. To access a server on the floor below, the packets are going 1/2 way around the world and back. And its fscking slow.
Thank god for our hosting networks ;)
Re: (Score:3, Insightful)
I was going to say. It's nothing that a diamond head cement drill wouldn't solve. I'm just sorry you went for the easy invisible solution in
Re: (Score:3, Insightful)
Re: (Score:3, Interesting)
The old saying still holds (Score:5, Insightful)
A wise man once said: "The Internet interprets censorship as damage and routes around it."
(And if you don't know who, turn in your Slashdot account by tomorrow morning.)
=Smidge=
Re:The old saying still holds (Score:5, Insightful)
A wise man once said: "The Internet interprets censorship as damage and routes around it."
In fact, the original quote was that "Usenet interprets censorship as damage and routes around it," although the saying is widely misquoted.
(Note how incredibly useful the uncensored usenet has become.)
Parent
Re:The old saying still holds (Score:5, Insightful)
It has been said that prostitution is the oldest profession, but before they could be prostitutes they had to advertise their services.
Parent
Re: (Score:2)
A wise man once said: "The Internet interprets censorship as damage and routes around it."
Then it seems that this wise man did not forsee Cogent blackholing Sprint's traffic.
Re:The old saying still holds (Score:5, Funny)
(And if you don't know who, turn in your Slashdot account by tomorrow morning.)
Translation:
(And if you don't know who, I'm too lazy to google it for you as it has slipped my mind also.)
Parent
Re: (Score:3, Funny)
Routing around Australia as a whole is probably not the intended nor desired outcome. The rest of the Internet will be fine. Just nothing in or out of Oz.
Positive aspect (Score:4, Insightful)
Disobedient (Score:3, Insightful)
you thought your actions were legal since there's a "foolproof" filtering system that should've properly protected you.
It's fool-proof, not criminal proof. Since you're reading material that's critical of the Australian government you've proven yourself a criminal.
Please come with us. *click-clack*
China! (Score:5, Funny)
Won't it be embarrassing when people start routing their traffic through China to get around American and Australian internet legislation?
Vik :v)
Re: (Score:3, Insightful)
What American legislation? It seems that France, China, Australia, and the UK are the ones spearheading big-brother Internet censorship.
Advantages to Censorship (Score:5, Funny)
As an Australian who fervently opposes Chairman Rudd's censorship bill...
There is one advantage I can see to all of this. Big Brother will block anything illegal and offensive to me, right? So I can download absolutely anything I DO find since it MUST be legal. After all, the censorship is perfect!
Pirate bay here I come!
Follow up (Score:4, Funny)
So far it's working out great! Haven't had my net cut off y
Parent
Re: (Score:3, Insightful)
As an Australian who fervently opposes Chairman Rudd's censorship bill...
I'm Australian too and I'm getting increasingly annoyed with Rudd. I find the man to be less than genuine, and it doesn't stop with his pandering to China or fearlessly taking on a dictatorial line. He seems to remind me of that every time he's in the news. Like yesterday saying that Obama had fulfilled Martin Luther King's dream. Tell that to almost all the southern states - they all voted for McCain. I can't even think how I'd be fee
Re: (Score:3, Interesting)
Given that this whole thing looks to be a pander to Steve Fielding and Family First, I think the better solution will be to start blocking things they care about. That and downloading porn and asking them to grade it for me.
I've had just about enough of FF. Rigging Australian Idol didn't bother me, but now they're trying to shut down the web.
Not very good blocking software (Score:5, Interesting)
Re: (Score:2)
Any decent blocking software also blocks all the popular proxy lists and proxies too
But they can't block proxy ports or they will make it very difficult to do business in Australia. How do you get secure email without a tunnel?
Re:Not very good blocking software (Score:4, Informative)
My college uses websense, but Tor goes right through it, and with ready-packaged stuff like xB Browser [xerobank.com] and OperaTor [archetwist.com], it's readily available for practically anyone as long as you can grab the program once (long live the sneakernet).
Parent
Re: (Score:2)
Re:Not very good blocking software (Score:4, Informative)
Any decent blocking software also blocks all the popular proxy lists and proxies too (and it constantly updated). Software that does this (like Websense [wikipedia.org]) may not be impossible to get around, but it makes it damn hard (and I know, this is what my school uses and even with my knowledge it's still hard to find a proxy).
Bypassing Websense:
1. Have a PC running on a high-speed Internet connection on the other side of the Websense proxy.
2. On that PC, you need to run OpenSSH and an HTTP proxy server, say at mypc.example.com. In this example, I my proxy server will be using port 8080. Run SSH on Port 443 (works every time) on this box.
3. Using PuTTY or Plink or one of the front-ends for plink, forward 8080 through an SSH connection to this PC from the inside of the Websense firewall. Putty and Plink can tunnel right through the proxy connecting to port 443 just like an HTTPS connection would do.
4. Set your browser to use the proxy on localhost at port 8080
5. Done. All Web accesses will go through the SSH proxy and all of this data will be encrypted as a result.
I will leave the details as an exercise to the reader.
Doesn't seem 'damn hard' to me at all.
Parent
Re: (Score:3, Insightful)
Re: (Score:3, Informative)
I use my dreamhost [dreamhost.com] shell at work to get around work's s filter. Especially since in the last week they really tightened down the firewall.
I suppose if you had the extra cash $10 a month for no filtering might be worth it. There are plenty of other ssh enabled hosts out there.
Re: (Score:3, Insightful)
Re:Not very good blocking software (Score:4, Insightful)
It's becoming painfully obvious you're a highschooler trying to get around some stupid proxy. You don't "go find" hosts outside the firewall. You know what they are. They're your home computer, your home router (if you run ddwrt/tomato), your shell account provider (dreamhost for me). This isn't a proxy list, this isn't a list of proxies. It's a computer with OpenSSH running on it.
Everyone HAS told you how to do it, you're just so anxious about showing your l33t skills of haxoring to the Homecoming queen you aren't listening.
Parent
It can "work" (Score:2)
If Australia does what a lot of "secure web gateway" vendors are doing with their products - implement a man-in-the-middle attack against encrypted traffic by using a forged cert. So then Australians' choice becomes the same as employees of companies that deploy those systems - agree to being snooped on, or don't use the internet.
If Australia's government requires that PCs sold there include the root cert used to forge the other certs (again, like SWG vendors), most citizens wouldn't even notice the differe
Re: (Score:2)
What do you mean a forged cert? Won't firefox and the like complain loudly? If worse came to worse, the companies could send you a CD with the key on them.
Re: (Score:3, Interesting)
He mentioned adding it to the root certs to get around that. Just persuade Microsoft to add it as a "critical automatic update" and the majority of people won't notice a thing.
Re: (Score:3, Funny)
First, We Take the Guns. (Score:2, Insightful)
Hrm, so 11 years after their Federal powergrab to start banning arms. Not as fast as some regimes, but fitting the pattern pretty well.
Remember what Paul Hogan says, "That's not a knife, this is a knife... that'll get you locked up for two years if you try carrying it in my country."
Australians used to be such bad-asses.
Misunderstanding (Score:5, Interesting)
The filter is there for people who don't want to bypass it.
The only reason there is no opt out planned for the "illegal material" filter is because a "reasonable person" should not want to opt out of it.
In other words: it's not malice, it's stupidity.
Or use OpenVPN! (Score:5, Interesting)
It's LZO compressed by default - not to mention encrypted and X509 authenticated - which probably means a net reduction in bandwidth. Go visit their site. [openvpn.org] It's truly excellent open source software.
But seriously. As a practical matter, anyone stuck behind state censorship can use a friend's OpenVPN and proxy in another country.
Google 'Nolan Chart' (Score:5, Insightful)
The US voted out the religious right yesterday. Pitty our religious right goverment isn't due for re-election for another couple of years...
It has little to do with being religious or right. The problem is statists, no matter their views on God, Gods, no Gods, or economics.
Parent
Re: (Score:3, Insightful)
1. http://www.google.com.au/ [google.com.au]
2. 'Australia internet filter bypass'
3. 95% of the population can bypass the filter.
Re:Even though geeks and tech savy people can bypa (Score:4, Insightful)
Not if they block google.
Parent
Re: (Score:3, Insightful)
Re:Even though geeks and tech savy people can bypa (Score:4, Insightful)
Really? You might want to read up on California's newest constitutional amendment.
Parent
Re: (Score:3, Insightful)
Yep, and the DMCA was a bi-partisan effort here in the States. Neither side cares much for digital rights.